package com.yearno.baseframe.http

import android.os.Build
import java.net.Socket
import java.security.SecureRandom
import java.security.cert.X509Certificate
import javax.net.ssl.*

object SSLHelper {
    //获取这个SSLSocketFactory
    @JvmStatic
    val sslSocketFactory: SSLSocketFactory
        get() = try {
            val sslContext = SSLContext.getInstance("TLS")
            sslContext.init(null, trustManager, SecureRandom())
            sslContext.socketFactory
        } catch (e: Exception) {
            throw RuntimeException(e)
        }

    //获取TrustManager
    val trustManager: Array<TrustManager>
        get() = arrayOf(object : X509TrustManager {
            override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {}
            override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {}
            override fun getAcceptedIssuers(): Array<X509Certificate> {
                return arrayOf()
            }
        })

    //获取HostnameVerifier
    @JvmStatic
    val hostnameVerifier: HostnameVerifier
        get() = HostnameVerifier { _, _ -> true }

    /**
     * 需要兼容 android 10
     */
     fun getX509TrustManager(): X509TrustManager {
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            object : X509ExtendedTrustManager() {
                override fun checkClientTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?,
                        socket: Socket?
                ) {
                }

                override fun checkClientTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?,
                        engine: SSLEngine?
                ) {
                }

                override fun checkClientTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?
                ) {
                }

                override fun checkServerTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?,
                        socket: Socket?
                ) {
                }

                override fun checkServerTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?,
                        engine: SSLEngine?
                ) {
                }

                override fun checkServerTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?
                ) {

                }

                override fun getAcceptedIssuers(): Array<X509Certificate> {
                    return arrayOf()
                }
            }
        } else {
            return object : X509TrustManager {
                override fun checkClientTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?
                ) {
                }

                override fun checkServerTrusted(
                        chain: Array<out X509Certificate>?,
                        authType: String?
                ) {

                }

                override fun getAcceptedIssuers(): Array<X509Certificate> {
                    return arrayOf()
                }
            }
        }
    }
}
